Iptables :: priority of rules

Luc MAIGNAN luc.maignan at winxpert.com
Fri Feb 23 10:57:38 UTC 2007


In fact, isn't that what I wrote?




Tim wrote:
> On Fri, 2007-02-23 at 11:26 +0100, Luc MAIGNAN wrote:
>   
>> I don't understand how the priority of the rules of iptables is set.
>>
>> My problem: I want to allow ssh from my local network (1), and from 
>> outside only for one IP (2)
>>
>> So I wrote:
>>
>> (1) : iptables -I INPUT -p tcp -s 192.168.0.0/24 --dport ssh -j ACCEPT
>> (2) : iptables -I INPUT -p tcp -s ! x.x.x.x --dport ssh -j DROP
>>
>> The result is that I can ssh only from the outside IP, not from the local 
>> network. If I switch the two rules, the result is the same.
>>
>> Can anyone help me to understand?
>>     
>
> You can have a default drop rule on all input traffic, then add a couple
> of specific rules to allow it from your local network, and another to
> allow it from a specific address.
>
>   
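The ordering question in this thread comes down to two things: a chain is evaluated top to bottom and the first matching rule decides, and `-I` prepends while `-A` appends, so the rule inserted last with `-I` is evaluated first. The following is an added example, not part of the original thread and not the poster's or Tim's code: a small Python model of first-match evaluation over the INPUT chain that replays the poster's two rules in both insertion orders and then Tim's default-drop approach. It only models source matching on tcp/22, with no connection tracking or other rules, and `OUTSIDE_IP` is an assumed stand-in for the poster's `x.x.x.x`.

```python
import ipaddress

# Constructed stand-in for the poster's unspecified "x.x.x.x" outside address
# (documentation range, not a real host).
OUTSIDE_IP = "203.0.113.10"
LOCAL_NET = "192.168.0.0/24"

def rule(src, target, negate=False):
    """One INPUT rule for tcp/22 keyed on source: (network, negated?, target).
    negate=True models 'iptables ... -s ! <addr>'."""
    return (ipaddress.ip_network(src), negate, target)

def insert(chain, r):
    """iptables -I: prepend, so the rule added last is evaluated first."""
    return [r] + chain

def append(chain, r):
    """iptables -A: append, so rules are evaluated in the order they were added."""
    return chain + [r]

def verdict(chain, src_ip, policy="ACCEPT"):
    """First matching rule wins; a packet that matches nothing gets the chain policy."""
    ip = ipaddress.ip_address(src_ip)
    for net, negate, target in chain:
        matched = ip in net
        if matched != negate:   # plain match, or a negated non-match
            return target
    return policy

def poster_order():
    # (1) then (2), both with -I: the '! x.x.x.x -j DROP' rule lands on top
    # and matches every LAN source before the ACCEPT is ever reached.
    chain = insert([], rule(LOCAL_NET, "ACCEPT"))
    return insert(chain, rule(OUTSIDE_IP, "DROP", negate=True))

def swapped_order():
    # (2) then (1), both with -I: now the LAN ACCEPT sits on top.
    chain = insert([], rule(OUTSIDE_IP, "DROP", negate=True))
    return insert(chain, rule(LOCAL_NET, "ACCEPT"))

def default_drop():
    # Tim's suggestion: chain policy DROP, then explicit ACCEPTs appended with -A
    # so they read in the order they are evaluated. Evaluate with policy="DROP".
    chain = append([], rule(LOCAL_NET, "ACCEPT"))
    return append(chain, rule(OUTSIDE_IP + "/32", "ACCEPT"))
```

With the poster's order the LAN host is dropped and only the outside address gets through (via the ACCEPT policy); with the default-drop layout both allowed sources are accepted and every other source falls through to DROP, without any reliance on rule-insertion order.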




More information about the fedora-list mailing list